Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1999-05-21
2003-12-23
Kizou, Hassan (Department: 2662)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C320S118000
Reexamination Certificate
active
06668283
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of data communications networks. More particularly, this invention relates to a method and apparatus for limiting the number ISDN B-Channels that a group or individual is permitted to simultaneously use to communicate with one or more network access servers (NASes) at a point of presence (PoP) of a data communications network.
2. The Background
As well known to those of ordinary skill in the art, narrowband integrated services digital network (N-ISDN), or simply “ISDN” herein, is a telecommunications service provided by telephone companies (Telcos) to users for transferring digital information at relatively high speeds as compared to analog telephone circuits. Users typically receive a connection capable of a single “D-Channel” for out-of-band digital control signaling and one or more Basic Rate Interface “B-Channels” for 64-kbps data communications each. As it is possible to receive up to a maximum 23 or 30 B-channels depending upon one's service, it is therefore possible to construct parallel communications links which have large bandwidth.
Internet Service Providers (ISPs) and Telcos which provide internet service over dial-up ISDN lines generally expect that they will be providing service to a user with one or possibly two Basic Rate Interface B-Channels at 64 kbps each. Users and ISDN modem vendors have, however, figured out that a user with access to more than one B-Channel can initiate a relatively large number of Point-to-Point protocol (PPP) sessions between the user's computer and the ISP or Telco in order to create a multi-B-Channel digital link. These providers presently have no practical method for limiting users to a fixed number of B-Channels and/or charging a premium for such wide bandwidth links. In a typical retail model as shown in
FIG. 1
, an ISDN user will contact a network access server (NAS) using dial-up ISDN (integrated services digital network) telephone lines. The NAS interfaces the user with the data communications network. The way this works is that a user, for example, Joe@corpa.com, dials in to a NAS at ISP's Point of Presence (PoP
1
) on the Internet. A PPP (point to point protocol) session
12
is raised between NAS
1
14
, and Joe's terminal
16
. A LCP (Link Control Protocol) session is raised between NAS
1
and Joe's terminal. At this time the NAS
1
generates an AAA authentication request using a protocol such as RADIUS (Remote Authentication Dial-In User Service) to the ISP's AAA (authentication, authorization and accounting) service
20
. The AAA service
20
handles Joe's authentication (receipt and verification of password and user name), provisions him with appropriate authorizations, and handles accounting for the time and services used by Joe on the data communications network. The AAA service uses a local database
22
to store and retrieve AAA information. To complete Joe's log-in, an access-accept packet is sent to NAS
1
from AAA service
20
. Then an IPCP (Internet Protocol Control Protocol) session is raised between NAS
1
and Joe's terminal during which an IP address is returned to configure Joe's terminal's PPP stack. This completes the log-in of Joe. At present, there is little to restrict Joe from repeating this process a number of times to collect a number of B-Channel connections which can be paralleled to achieve a high bandwidth connection.
ISPs and Telcos (collectively sometimes referred to as “wholesale providers” or “wholesalers”) also offer wholesale Internet access to subsidiary and specialized service providers, CLECs (Competitive Local Exchange Carriers), corporations, and Community of Interest (COI) providers. Naturally, the processing afforded customers of the wholesale variety differs from the processing afforded customers of the retail variety. Subscriber information for individual wholesale users is usually stored by those who lease data communications network access from the Wholesaler. Hence, corporations, CLECs and COI providers do not normally share their user information with the wholesale providers. The Wholesaler, however, typically also has its own retail subscribers whose user information is stored in its databases. In some cases, a particular user might have accounts with both a wholesale provider and a retail provider. Hence, the Wholesaler must distinguish between the user's wholesale and retail accounts and initiate different actions based upon their status or Service Level Agreements (SLAs).
Traditional wholesale ISPs and Roaming Service Providers offer network access through a technique called “authentication proxying.” Proxying involves the transfer of the authentication responsibility to the “owner” of the subscriber. Thus, if a corporation was to outsource its corporate intranet to a Wholesaler, it would give up the maintenance of its dial-up servers (i.e., the NASes). It would not, however, normally want to give up the control of or information regarding its employees. Hence, when a corporate user connects to such a Wholesaler's network access servers, the user essentially perceives that the user is dialing into a corporate facility when the user is actually dialing into the Wholesaler's domain and then somehow gaining admittance to the corporation's intranet.
What really happens in that scenario is that the Wholesaler determines that the user belongs to Corporation A (Corp
A
) by parsing either the fully qualified domain name (“FQDN”) (e.g., Joe@corpa.com) supplied by the user, reading the Dialed Number Identification Service (“DNIS”) ID associated with the call, reading the call-line identification (“CLID”) associated with the call, or by using some other known mechanism. Using a DNIS ID, the Wholesaler looks at the telephone number (or a specific NAS in access networks other than dial-up) through which the user is connecting to the network. So if a user calls in to 123-456-7890 from his number of 123-444-5555, then the Wholesaler can know which number was called, i.e., the completing station. Having determined that the user trying to gain access belongs to Corp
A
, the Wholesaler cannot authenticate the user by itself. As noted earlier, the user's record is still located on Corp
A
's equipment. Hence, the Wholesaler will “proxy” out the authentication transaction from its AAA proxy service to Corp
A
. An AAA service within the corporation domain then identifies the user, verifies the password, and provisions the user with appropriate authorizations. It may also receive accounting information, if desired. Then the AAA service at Corp
A
notifies the Wholesaler's proxy service that the user is acceptable and passes along provisioning details associated with the user (such as an IP (Internet protocol) address to use or a pool identification of an IP address pool from which an IP address needs to be allocated and any other information that maybe needed). The Wholesaler then grants the user access to the network based upon the reply it gets back from Corp
A
. This technique is called “proxying.” This is shown diagrammatically in FIG.
2
.
To be able to perform basic proxying, the Wholesaler maintains minimal information on its proxy service
24
at its PoP. Information such as supported domain names, the IP address to which the transaction is to be sent, the port number (typically an OSI Layer 4 port number) to which the transaction is to be addressed, a shared secret between the proxy service and the remote AAA service, etc., are typically stored on proxy service
24
's local configuration database
30
.
For example, user Joe@corpa.com dials in to NAS
1
. A PPP (point to point protocol) session
26
is typically raised between Joe's terminal and NAS
1
as is a LCP (Link Control Protocol) session. At this time the NAS
1
generates an authentication request using a protocol such as RADIUS (Remote Authentication Dial-In User Service) to proxy service
24
. Proxy service
24
th
Alesso Craig Michael
Sitaraman Aravind
Yager Charles Troper
Cisco Technology Inc.
Kizou Hassan
Levitan Dmitry
Ritchie David B.
Thelen Reid & Priest LLP
LandOfFree
ISDN B-channel count limitation does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with ISDN B-channel count limitation, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and ISDN B-channel count limitation will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3177559